Single sign on - not working

3475
1
06-17-2014 06:11 PM
DavidAskov
New Contributor III
I have my GeoPortal 1.2.4 app all set up using connections to LDAP. Everything is working well security-wise, and now I want to enable single sign on.

Without reading any documentation, I tried setting singleSignOn (in gpt.xml) to true to see what would happen. I am able to log in, and it shows my user name in the top with a welcome message and there is a logout link. After I navigate to any other page in the app (e.g.: click on "Search" tab), I am logged out.

So, I decided I needed to research this a bit, and found these instructions:
https://github.com/Esri/geoportal-server/wiki/Single-Sign-On#Modify_the_webxml_File

Are those the correct instructions? We are using Tomcat, so I am following the Tomcat section in that documentation. The three sections in the docs are:
1) Modify the Tomcat server.xml File: The server.xml was already set up for LDAP before we started. We verified that everything was set up per the docs. As I said before, the connection to LDAP is working ok. No problems there - just trying to enable Single Sign On with other apps.
2) Update the geoportal gpt.xml file: Changed "false" to "true" - simple.
3) Modify the web.xml File: This is where I really ran into trouble. It tells us to uncomment certain sections, but our web.xml file looks NOTHING like the text in the instructions.

Our security-constraint section looks like this:
    <!--security-constraint>   
      <web-resource-collection>
        <web-resource-name>Restricted content</web-resource-name>
        <description>Restricted content</description>
        <url-pattern>/Eros</url-pattern>
        <url-pattern>/rest/usage/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
      </web-resource-collection>   
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint-->


Uncommenting this had no effect. I also tried copying the security-constraint from the docs into the file, but then we just get a Tomcat 403 error when we try to log in.

Can anyone help me figure this out? Security seems to be working ok in the GeoPortal as a stand-alone app, so we just want to enable single sign on now.

thanks!
0 Kudos
1 Reply
MartenHogeweg
Esri Contributor

looks like there is a discrepancy between the documentation and the web.xml file content. I have updated the text to suggest merging the snippet from the wiki page rather than uncommenting it. This block mentioned in the wiki page secures the login page and defines user roles with access.

0 Kudos